Re: a small C program to test xdm's /dev/mem reading on your architecture
On Mon, Aug 26, 2002 at 09:10:54PM +0200, Marcus Brinkmann wrote:
> On Mon, Aug 26, 2002 at 12:50:22PM -0500, Branden Robinson wrote:
> > > I can't believe he actually intends to keep it like this..
> >
> > I'm going to #define DEV_RANDOM /dev/random for Linux systems.
>
> That's bad, because that will drain the entropy a lot, and it might
> block for a long time, and that for no good reason as I don't think the
> magic cookie needs strong cryptographical security (for comparison: The
> secret key of a public key cryptography key pair should be created using
> /dev/random, while for session keys /dev/urandom is good enough).
/dev/random? /dev/urandom? You are kidding. This randmomness is used
to create authorisation cookies for X which in my understanding provide
ZERO security. Use plain libc rand() and the security is exactly the same.
Richard
Reply to: